Today starts a new community effort to achieve compliance
March 1, 2008
Launch of the International Security & Privacy Policy Institute to support Demonstrable Compliance
Today we start a new not-for-profit venture with the International Security and Privacy Policy Institute (ISPPI). Our mission is to help organizations achieve demonstrable compliance with law, regulation and industry standards through the use of The Baseline Set of security and privacy policies, standards, procedures and audit guidelines. We refer to this collection of documents as The Baseline. What makes The Baseline different is that it includes detailed requirements with identification of their source in regulation, law and standards as well as the metrics necessary to measure compliance with The Baseline.
Over 20 years of experience in security and privacy consulting has helped us identify a common need for a strong baseline policy set with the supporting requirements and metrics. These metrics are used to demonstrate compliance through an assessment or an audit.
The ISPPI supports collaboration with practitioners in technology, security, management, law and audit to yield the best work products in Governance, Security and Privacy. We encourage individuals to join as members of the ISPPI to help develop The Baseline Document Set. To broaden the source pool of ideas from the best minds, we have created this Institute to serve as a forum for the discussion and creation of The Baseline, which can be used under a Creative Commons License Agreement. The general Baseline will be made available to all without license fees but will not include republishing or resale rights. Ultimately, the ISPPI will develop specific industry Baseline Sets and will license those to organizations on an individual basis. In addition, the ISPPI offers consulting services to support the integration and customization of The Baseline by organizations wishing to establish demonstrable compliance. This ensures that the ISPPI is sustainable and can continue its work to help organizations understand how law, regulation and standards impact them and how to comply with the resulting requirements.
Entry filed under: Compliance, Privacy, Security.
1.
Calvin Powers | March 3, 2008 at 12:52 pm
I look forward to seeing more details about the Baseline. The more we can make these sorts of standards actionable, the better. Too many people speak only in generalities when it comes to discussing security and privacy protection.
And kudos for adopting a Creative Commons license on The Baseline.